Tfl data breach

[Danny McG]

This morning I went online and purchased 2 London 'visitor' oyster cards, I have 2 family members going to the city for a week in early October, they are prepaid cards.

This afternoon I get a message that Transport for London has suffered a massive cyber attack, this is still ongoing, so now I'm waiting to see if my bank account gets cleaned out.

 

[Danny McG]

Allegedly they're still dealing with the aftermath of the cyber attack, tfl has now posted that no customer data has been compromised.

 

[Dave]

They said immediately that no customer data had been "compromised" (of course, such as the world is today, no one believes even their own public bodies, but that's into current affairs territory.)

What I was going to ask was whether the cards were for older children? I'd never heard of a Visitor Oyster Card before.

If you are an adult travelling in London then you can simply use a bank Debit Card (or Credit Card) in much the same way as an Oyster Card. It still gives you both the daily and weekly spending caps you would get with an Oyster card, but has the advantage that you don't need to pay a deposit. (A deposit is okay if you live here, but is just wasted money if you are only using it for a week and never use it again.) Another advantage is that you don't need to top Debit Cards up.

I have a 60+ London Oyster photocard now which gives free travel (with some time restrictions) for £10 per year, but we still have some old Oyster cards in the house that we used to give out to visitors. They haven't been used in a year or so because people simply use their Debit Cards.

If you have an Older Person's Bus Pass from your local Council, you can use that on buses and tubes after 9am.

The only problem with using Debit and Credit Cards is that you must keep using the same Card all the time (to prevent card clash) and each person needs a different Card to use (the whole family can't travel on one Debit Card.) Obviously, even older children don't usually have bank accounts that give Debit Cards and maybe the "visitor" Oyster Card is designed to overcome some of these problems. After reading about it, it also seems to offer reduced entry to attractions.

Don't ever buy tickets unless you are only going on one single journey in one day. The only people buying tickets are tourists who don't know any better, and there is always a huge queue of tourists at the machines. Even coming back to London from Gatwick Airport (outside the Oyster Card zones) it is still cheaper to use a Debit Card.

 

[Foxbat]

I always use a credit card online (it’s the only reason I have one). It means that there’s no direct route to your bank account and it has a credit limit so, in the worst situation, that limit should get the maximum lost. It also offers better fraud protection whereas, depending on your bank, you may lose the whole lot taken out of your account.

 

[Dave]

Allegedly they're still dealing with the aftermath of the cyber attack, tfl has now posted that no customer data has been compromised.

In case they didn't update you, they are now saying that customer data was compromised: names and addresses, but only bank accounts for customers who received refunds. As I mentioned earlier, this drip drip feed kind of thing is exactly why no one believes what they are told by companies, local and central government. It is only a conspiracy "theory" until it has actually been proven to be true.

Transport for London

Dear Mr Xxxxxxxxxx,

We are currently dealing with an ongoing cyber security incident. The security of our systems and customer data is very important to us, and we have taken immediate action to protect our systems.

We identified some suspicious activity on Sunday 1 September and took action to limit access. We are conducting a thorough investigation into the incident, alongside the National Crime Agency and the National Cyber Security Centre.

Although there has been very little impact on our customers so far, the situation is evolving and our investigations have identified that certain customer data has been accessed. This includes some customer names and contact details, including email addresses and home addresses where provided.

Some Oyster card refund data may have also been accessed. This could include bank account numbers and sort codes for a limited number of customers (around 5,000).

If you are affected, we will contact you directly as soon as possible as a precautionary measure, and will offer you support and guidance.

We are doing all we can to protect our services and secure our systems and data. Our proactive measures mean that:

Live Tube arrival information is not available on some of our digital channels, including TfL Go and the TfL website. In-station and journey planning information is still available
Applications for new Oyster photocards, including Zip cards, have been temporarily suspended. If you want to replace a lost photocard, please call us on 0343 222 1234, 08:00-20:00 every day, and select option 1 (charges may apply)
If you have been unable to apply, please continue making your journeys as usual and keep a record of any fares paid. We may be able to arrange a refund once the incident has been resolved and you receive your new photocard
⁠If you travel using a contactless payment card, you won’t be able to access your online journey history
Currently we are unable to issue refunds for incomplete pay as you go journeys made using contactless, so always remember to touch in and out. Oyster customers can self-serve online.
Many of our staff have limited access to systems and as a result there will be some delays responding to any online enquiries.

We’re also undertaking an all-staff IT identity check. Although we don’t expect any significant impact to customer journeys as we carry out this process, temporary and limited disruption is possible to some services. Please check before you travel.

We will continue to keep you updated. We are sorry for the inconvenience this incident may cause and thank you for your patience.

Yours sincerely

Customer Information Team
Transport for London

 

[Foxbat]

It was reported on the news this morning that a 17 year old has been arrested in connection with the attack.

 

[mosaix]

It was reported on the news this morning that a 17 year old has been arrested in connection with the attack.

Hope they now realise that hacking is not some kind of computer game and that it has real life consequences.

 

[Dave]

TfL have still not sorted this out!

You cannot renew or obtain a pass. School kids cannot renew or get new ZIP cards. They expired on 30th September and have been told to continue using them, but if you don't have one (say, you just moved to London) then you have to buy an Oystercard and get a refund at some unspecified time in the future.

What kind of hack would knock out a computer system for over a month?

 

[Ursa major]

What kind of hack would knock out a computer system for over a month?

The hack of a system that wasn't fit for purpose...?